Schneier on Security
A blog covering security and security technology.
« Termite Suicide Bombers |
| U.S. and China Talking About Cyberweapons »
August 10, 2012
Friday Squid Blogging: Dumpling Squid
The sex life of the dumpling squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on August 10, 2012 at 4:02 PM
• 38 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I think high-frequency trading has been discussed here before, so the fact that an increasing percentage of stock trades are conducted by computers without direct human supervision won't be news to any of you. However, a prominent journalist has just noticed.
This is getting more attention because of the Knight Capital incident, which appears to have been caused by a bug in an HFT program.
The SEC is advising companies to put more effort into testing program changes before installing them. A programmer reponds in a New York Times op-ed, saying, essentially, "Hahahahaha."
And yet, sandpipers do it all day too, and it seems to be good for them:
Wait for it...the security angle:
It's probably because the TSA doesn't get to handle their junk.
I have observed something interesting about admitance control to remote induztrial complexes. Because of remote location admitance control have been outsourced to transport providers, but because of the volume of people involved, multiple entrance points and thenumber of service providers involved, I started to doubt the actual control.
One reason to doubt it was the number of phone calls I received visiting the location. An effective admitance control should give you a single, up to date list of people on location, people temporarily off, people expected to arrive and people reasently left.
The location I visited did not seem to have this fully under control, but expect that this was temporarly as they where in the middle of a hectic mobilization.
@ Petréa Mitchell,
Yes HFT has been discussed before (@ Doug Coulter made some interesting comments as did @ Robert T).
There are arguments for and against HFT most are actually invalid and appear to be made by those promoting HFT.
In essence HFT is carried out by "Market Makers" who charge fees "rent" for trading other peoples assets prior to the NYSE opening up server space to all comers one trading house had exclusivity and appeared to defy all market predictions to their advantage.
The problem with HFT is the way offers can be made and withdrawn, this alows traders to "scope out" what other traders limits are and thus make biased buys automaticaly. To stop this other HFT participents rapidly change limits so the "scoping out" becomes less and less valid by the micro second.
In this respect HFC is the traders EW ECM/ECCM/ECCCM/... with vastly more resources being invested for ever decreasing returns.
Now if HFT was a "negitive feedback" only system this would not realy matter two much as this drives towards stability. However that does not make money so "positive feedback" systems are used unfortunatly without great care positive feedback becomes rapidly unstable and leads to "oscillation". Well for obvious reasons traders don't want predictable behaviour so they "clamp off" at the point where oscillitory behaviour is suspected. Unfortunatly many trades can be made in this time by many traders so the signal can be very very difficult to pull from the noise. Thus the potential for "lock step" between trading systems looking like a market trend not oscillitory build up so the systems follow without hinderence. The result is a lot of false assumption trading done very rapidly giving wild swings which can give rise to a Flash Crash or KC issue in the blink of an eye.
In essence the traders have created a "faux market" just like a roulette wheel where bets are alowed to be made by gambling addicts just as the ball falls, the results are seldoom pretty.
If the fall out was limited to just the MM's then it would not realy matter, but unfortunatly that is not the case and it will be a long time before the ripples of the KC stone hurled into the pond finish spreading out like micro tsunami.
Mr Joyce the man in charge of KC has been running around making ludicrous statments in order to try to perrform "damage limitation" however he appears to be making the problem worse. I'm kind of expecting him or KC to be brought down within a short period of time which will create further tsunami.
It's all not good and the "test your software" call is a compleate joke as the systems are at a level of complexity way beyond most peoples ability to comprehend. Collectivly the complexity is beyond that which can be tested in even unrealistic time scales so jst won't be done.
It woulld appear the simplest solution to the ills of HFC is various time lock outs or more importantly preventing the offer yanking which allows systems to scope each other out.
how about a transaction tax? it wouldn't need to be very big per share to add up with high frequency trading of large blocks, whereas it wouldn't affect someone who trades once a year at all. (yes, this idea is not original to me, I was just wondering if you thought about it)
"test your software" is pretty amusing when it comes to complex near real time systems. remember the joke about st. ronnie's star wars? you need to have a nuclear war to stress the system enough to find out if it works. with many tens of millions of lines of code operating semi-autonomously distributed on many separate sites linked by who knows what, I'll bet against it. the trouble is there might not be anything left to collect.
Just charge a 0.001c per unit transaction tax on all traded entities (e.g. 0.001c per share, 0.001c per barrel of oil, 0.001c per bushel of wheat etc).
Skip to 1:02:06 (of 2:10:23) for a squid in an interesting (economic) context. It's possible you may find the documentary interesting too, if not depressing.
The reason I post this is primarily due to serendipity, or some form of slippery coincidence. As I was watching the documentary, my cursor ran across my Schneier rss feed and showed "Squid" simultaneously with the time-frame mentioned above. I couldn't resist.
"Like a giant vampire squid, wrapped around the face of humanity" - the doc
The link would help, I'm sure:
Sorry about that.
@ supersaurus, Jonathan Wilson,
how about a transaction tax? it wouldn't need to be very big per share to add up with high frequency trading of large blocks
I've thought about it and initialy it appears to be a good idea, then after further thought it became obvious that it's not a good idea for a whole variety of reasons.
First off tax is a very very blunt instrument and unlike other options that can be seen to be very specific to HFT it will effect all trades so it's effect will become just another "cost of business".
Secondly who pays the cost of "collecting the tax", it will require an infrastructure to be built monitored and policed. The Government won't pay for this they will mandate it onto the market it's self. Thus the cost would quickly become levied as an anual fee etc which would spread it unevenly across the market with small investors picking up most of it due to "registration paperwork charges" etc.
All of this will be before the "special interest groups" start lobying for dispensation etc as we see with every other tax in existence.
Further the people who should be paying the tax would rather spend it on clever and expensive lawyers to find loopholes and other tax avoidence measures. Many major companies do this sort of thing already with the result they pay little or no tax whilst small orginisations and individuals end up being the only payers.
I could go on but I think you get the idea. We know HFT is a "faux market" it is better to remove what makes it work directly than to place a "faux tax system" on top to give it legitimacy and thus give it reason to exist. Especialy as we know it will just be avoided by those you wish to stop.
There is the old IT joke about "If the answer is Microsoft, you are asking the wrong question", it's the same with tax ie "If the answer to a problem is taxation you are seaking the wrong solution".
tax: yes, it isn't perfect, however I think you are making it more difficult than it needs to be. trades are made electronically and I don't see why it would be difficult to require the exchanges to add the bit of code that would tally the charges along with the rest of the trade; nobody is going to be down on the trading floor with a compass and a brass poker collecting the pennies.
outright ban of HFT would right away require a definition of it, and that would eventually come down to a complicated set of "so many trades per second, so many shares, so much value, so many different shares, day of the week, fraction of day's business, what color your underwear is, etc" all of which could only be collected by the exchanges' computers and all of which would be subject to the same hair-splitting, lawyers, lobbying (bribe) money, &c.
why not make it simple: *every* share that sells costs a penny (or .1 penny per share or whatever), end of story. of course you could do it per trade with a progressive rate per share and/or per (share * price) etc, and of course no matter what you do the big traders will scream.
the cost on the margin of tallying the trades would be next to zero (bits are cheap). collecting them would be a different matter, however the regulation could require an electronic audit trail with whistleblower protection. if just one morgan VP went to jail after a disgruntled ex-programmer turned them in for evasion I doubt it would continue to be worth the return. the cost to implement the software might be a fairly large number compared to my salary, but as a percent of the river of money that flows through the exchanges in a week it would be in the noise.
once upon a time sales tax was deemed too complicated, too unfair, godless and so forth, but today everybody who buys a candy bar pays it, every merchant collects it, and hardly anybody gives it a thought. instituting a transaction tax where all the business is computerized already strikes me as a lot simpler than requiring hundreds of thousands of clerks and tens of thousands of businesses to collect taxes on millions of manual transactions was when sales taxes were first instituted (i.e. pre-computer).
I agree with you about M$, however I can't make the same statement about *all* taxes.
A lot of the automated trades are attempts to game the system because there is an actual trade (human originated) on its way. The broker's system attempts to buy/sell a half dozen times at different price levels (all to benefit the brokerage, not their client) ahead of the actual trade (by milliseconds). Each one of them is immediately canceled if there is no matching offer.
I think the tax should be on the transaction, not the actual buy/sell. This is analogous to the Chris Rock line about making bullets expensive -- if you're going to shoot someone, you will pause to consider if that person is worth the expense of the bullet.
The other problem with a tax is that it will create a secondary market.
Instead of HFT on the actual market there will be a closed HFT market which trades within blocks of shares held by funds. At the end of the day/week/month these clearing houses will buy/sell whatever extra equity they need to balance the books - essentially the same as a clearing bank swapping checks.
The result of this will be that the market becomes a private club between superfunds with very low liquidity and small investors locked out.
@ Petréa Mitchell, @supersaurus
In the NYT op-ed on the Knight Capital debacle, Ellen Ullman is spot-on when she says "But the indispensable component is the protection induced by the rule of law. Credit card issuers get stuck with the bill. If Knight Capital and other firms were forced to pay back everyone — everyone — who got caught in their downdraft, just imagine what brilliant systems the companies would devise".
I believe that would be a far better solution than taxation. Then again, we all know how high finance and their sycophants feel about any form of regulation or accountability.
UK has had a Tobin tax since before Tobin was even born. We call it stamp duty.
Study of this implies that the tax reduces the number of transactions but has also shown that it, "Clearly depresses share prices".
The current story is that some test software went live. It places trades (in a test environment) against certain stocks. It was never supposed to be on a live platform. That is why it took so long to find; it ignored the normal reporting process. The system was rebooted at one point. This caused the test program to start again. Apparently there are two clear dips in the charts where this happened.
@ Clive and others advocating a micro-tax on HFT activity:
Recall this was discussed during the financial reform hearings on capitol hill. One Timothy Geithner stated the idea was unworkable as the finance houses would find ways to game the system. In other words, the folks in the finance houses were dishonest and untrustworthy. Note that simultaneously Secretary Geithner was "lending" 10's or 100's of billion dollars to these same dishonest folks under TARP.
Charlie Munger has equated HFT to front-running the market, in effect stealing from the retirement and college funds of everyday investors, 401K participants in particular. It is hard to fault his logic.
I have no solution to offer, but label me as disgusted with the current state of affairs.
I know Clive is not advocating for a HFT tax, he stated clearly why he is opposed. My apology for the misleading first line in my previous post.
Meant to say, @ Clive and those advocating a micro-tax on HFT activity:
@ Dirk Praet
I agree with you if they had to pay back *everybody*, but how would it work if some large scale screwup caused the entire market to crash? you can't get blood out of a turnip, i.e. once the culprit's assets are gone the well is dry.
jail might cause a bit more caution...I don't think most white collar criminals would see that as just a hotel with crummy food.
geithner's argument might be restated "oh they are just so smart they will screw us anyway, so let's not even try".
I don't buy that. one way or the other an electronic market can be throttled whether by tax, by trading limits or some other means and conversely if left to themselves the big traders will act just as expected: to maximize their own profits. further, when complex software is doing the trading, there *will* be bugs and there *will* be scenarios the software guys never thought of that cause the programs to go off the rails.
the underlying problem is the financial system has so much money to dispense that the political will is not now there to do the throttling and may never be again until some cataclysmic event causes the politicians to do their jobs for a few days. for a simple example just look at the carried interest exemption...the only way that can possibly be justified is by first feeling the thickness of one's wallet and then voting as your paymasters direct.
"jail might cause a bit more caution...I don't think most white collar criminals would see that as just a hotel with crummy food."
The big question is whether they will even consider the chance of going to jail, and I expect not. With the prospect of massive profits versus negligible chances of going to jail, profit wins most of the time.
but how would it work if some large scale screwup caused the entire market to crash?
It can be argued that this is exactly what happened in 2007. To date, no single individual or corporation has been convicted or even indicted in the US. Although the Levin-Coburn report was pretty damning for both Goldman Sachs and Deutsche Bank, the DoJ last Friday determined that there is no basis for bringing a criminal prosecution against Goldman Sachs or its employees. However much unbelievable this may sound, it hardly comes as a surprise and is symptomatic for a society in which all Seven Commandments have been reduced to the single phrase "All animals are equal, but some animals are more equal than others".
To many people, Hank Paulson, Dick Fuld, Lloyd Blankfein, Phil Gramm and their ilk belong in jail and should have had both their private and corporate assets seized for the unimaginable havoc they wreaked. Unfortunately, reality is that these people not only are above the law, they are the law and meticulously see to it that no legislation ever gets passed that can change that.
It seems the overriding solution agreed upon here is a legal one, maybe a tax. Modern day regicide has been hinted too, with prison sentences til one's death.
Similar to software code, the legal code is uncomprehensible to even "data brains"; sometimes the law is even written in foreign languages! In my "state", I made an estimate of ~67000 pages-worth of legal code; which doesn't include federal law/codes/statutes/case law. Plus, you will be referred to another page every other sentence. No one with or even without a life will have time to understand laws they must follow!
Given the monumental failure of the legal system, I think people should begin looking elsewhere (like within themselves and like-minded people) for solutions. It's the same with voting, don't give politicos the attention and legitimacy they're looking for; there will be no change at the ballot box.
Like dbCooper, I know no specific solution besides empowering individuals; and I am sick of being ticketed for going "37mph in a 30mph" and not wearing my seatbelt in a parking lot while the "untouchables" can get away with the financial equivalent of genocide.
and I am sick of being ticketed for going "37mph in a 30mph" and not wearing my seatbelt in a parking lot while the "untouchables" can get away with the financial equivalent of genocide.
"The broker's system attempts to buy/sell a half dozen times at different price levels (all to benefit the brokerage, not their client) ahead of the actual trade (by milliseconds)."
That sounds more like front-running, which I don't think is what hapenned in the Knights Capital case. I could be wrong though!!
Remember the San Jose exec that printed out barcodes and glued them on expensive Lego boxes? Looks like a Mother/Son team was even smarter:
"A mother and son stole more than $2 million in expensive toys by stashing them inside the boxes of cheaper products that they bought at Toys R Us stores across the U.S., authorities say."
.....or maybe not so smart:
"Authorities were able to track Michael Pollara's purchases across the country because he used a Toys R Us rewards card for all of his purchases."
@ Nick P,
... iPhones with full encryption are too secure to get data from for a court discovery process
My first thought at "Oh me Gaud tis early" (6AM) as I wait for the kettle to boil is,
They ain't trying hard enough
Which immediatly gives rise to the though,
What law change are the DoJ going to ask for...
@ Clive Robinson
We had the same first thought. I don't really study iPhones, so I lack implementation knowledge to give them advice. (Nor do I really care haha.)
"what law change are the DoJ going to ask for..."
Nice follow-up. First guess at something likely to work is more "you're guilty if you don't give up your password" rulings or legislation. Even the concept seems plausible b/c the entire purpose of Discovery phase can't happen if critical data is encrypted.
@ Nick P,
Like you I've not dug into Apples iXs hardware arangments as they tend to discourage the nosey with letters from their "good name protectors" who cruise around just like sharks at a fresh ship wreak.
However the idea appears to be a secret (AES Key) burned in silicon and FDE via it. And "nobody knowing the key" 
The argument appearss to be "if you have an IxS in its powered down state" then you would have to go through some major "evidence destroying" steps to get at the key. Further that the cost of this would be exhorbitant (hence talking civil not criminal cases).
Now we know that people have (and I'm assuming still do) jail break iDevices so once fully powered up the devices would potentialy be vulnerable to the loading of an appropriate App.
Sadly no info is given on the case involved so a judgment is difficult to make.
 we've had a conversation about "entropy in a factory for FMCE" befor and unless great car is taken such "secret numbers" are actually quite determanistic.
This thing has an encrypted payload that is narrowly targeted at one specific machine, or a small set of specific machines. Apparently the authors know from previous recon some specific settings on the target machine(s) that are different from other machines, and it grabs those settings and uses them to construct a decryption key. That way, anyone studying it is unlikely to have the key, and has to break the crypto before they can analyse this thing to see what it does.
That was too much, love how they arrested him too for seeking aid. This seems to have happened before, the same fence! Is there at least barbed-wire on top? Maybe some of the black half-spheres were empty? :) Bruce should comment since he's into airport/plane security and this should bring a smile to any security professional. Me, I'm speechless.
Appreciate the info. Makes my mind start wondering about things. First, I know that cyberweapons developers are trying to minimize collateral damage and ensure the right target is hit. That method should be more effective than Stuxnet at that, dare I say even erring toward risking a failure to deploy to prevent deploying at the wrong machine.
The other thing that I wondered about is if its target could stop it with the current public knowledge. They know malware researchers will start digging into it. How much did they want us to know and how did they factor that into the odds of it hitting the target? Can publicity ruin the plan or was that appropriately planned for? All the Stuxnet analysis was interesting, but I expect the post mortem on this one to be more revealing if the damage becomes public.
@moo. Interesting. Kaspersky is asking for help to decrypt the module. If I were the attacker I would use the settings for key, change settings (patch or updates), get key from computer, and go from there.
Someone would have to know what machine, settings, time frame, update history, etc.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.